Top News

EPIC Challenges Samsung's Surveillance of the Home, Files FTC Complaint: EPIC has filed a complaint to the Federal Trade Commission about Samsung's SmartTvs. "Samsung routinely intercepts and records the private communications of consumers in their homes," EPIC wrote. EPIC detailed widespread consumer objections and charged that "privacy notices" do not diminish the harm to American consumers. In setting out the privacy violations, EPIC cited the FTC Act, the Children's Online Privacy Protection Act, The Cable Act, and the Electronic Communications Privacy Act. EPIC also noted a recent speech of FTC Chair Edith Ramirez about privacy and consumer products. EPIC asked the FTC to enjoin Samsung and other companies that engage in similar practices. (Feb. 24, 2015)

Privacy Case Moves Forward Against Facebook and Zynga: The Ninth Circuit found that the companies may have violated Facebook's privacy policies when they disclosed user information for advertising purposes. Separately, the court ruled that there was no violation of the Electronic Communications Privacy Act because the data disclosed (including Facebook IDs and HTTP referers) is not "contents" of a communication. Congress is set to consider several ECPA reforms, and could fix the court's ruling by making clear that the law prevents the disclosure of personally identifiable information. For more information, see EPIC: Electronic Communications Privacy Act and EPIC: Facebook Privacy. (May. 9, 2014)

Texas Bill to Require Warrants for E-mail Searches Awaits Governor's Signature: The Texas legislature has passed H.B. No. 2268, a bill that creates a warrant requirement for law enforcement access to stored electronic communications and customer data. The law, which was presented to Governor Rick Perry this week, is the first successful state effort to establish an across-the-board warrant requirement for stored communications. Congress is considering similar changes to the federal Electronic Communications Privacy Act. Others have proposed more sweeping privacy reforms, and there are bills in both the House and Senate that would establish location privacy protections. EPIC testified before the Texas Legislature on H.B. 1608, a location privacy companion to H.B. 2268. For more information, see EPIC: Electronic Communications Privacy Act and EPIC: Locational Privacy. (May. 29, 2013)

Senator Leahy Sets Out Judiciary Committee Agenda for New Congress: On January 16, 2013, Georgetown University Law School hosted Senator Patrick Leahy (D-VT), the chairman of the Senate Judiciary Committee. Leahy set out the agenda of the Judiciary Committee in the 113th Congress, vowing to commit the Committee to addressing "out most fundamental rights, and our most basic freedoms." Updates to key legislation, including laws on e-mail privacy and cybersecurity, are included in the Committee's agenda. The Chairman explained that the Committee would also address the need for oversight of US counterterrorism programs as well as privacy issues involved with the growing use of domestic surveillance drones. Furthermore, Senator Leahy emphasized the importance of open government as an American value, promising to "continue to fight for transparency that keeps the government accountable to the people." For more information, see EPIC: Electronic Communications Privacy Act, EPIC: Open Government, and EPIC: Domestic Unmanned Aerial Vehicles (UAVs) and Drones. (Jan. 17, 2013)

Questions Presented

Whether e-mails stored by an e-mail provider after delivery are in "electronic storage" under the Stored Communications Act

Background

This case involves unauthorized access to an e-mail account arising from a domestic dispute. After Mr. Jennings confessed that he "had fallen in love with someone else," and "admitted the two had been corresponding via e-mail for some time," his wife's daughter-in-law, Holly Broome, gained access to his Yahoo! e-mail account by answering his security questions to obtain his password. When Mr. Jennings discovered that Ms. Broom had accessed his e-mails and shared them with his wife, her attorney, and a private investigator, he brought suit in South Carolina state court. All claims were dismissed by the trial court, but the court of appeals ruled that Mr. Jennings could state a claim against Ms. Broome under the Stored Communications Act, 18 U.S.C. §§ 2701-12, because the e-mails were in "electronic storage" as defined in § 2710(15).

The Supreme Court of South Carolina granted certiorari, and reversed the judgment of the court of appeals. However, the five justices of the South Carolina court did not agree on the proper interpretation of "electronic storage" under the Electronic Communications Privacy Act. The justices wrote three separate opinions, which can be summarized as follows:

Justice Hearn's Opinion of the Court (Joined by Justice Kittredge)

Justice Hearn's opinion found that the definition of "electronic storage" did not cover the e-mails at issue in this case because they were not stored "for the purposes of backup protection." This opinion relies on the "ordinary" definition of the term "backup" - "one that serves as a substitute or support" - and the fact that Mr. Jennings did not make a second copy of his e-mail. As a result, Justice Hearn held that his e-mail could not have been a "backup" and thus was not protected by ECPA.

Chief Justice Toal's Concurring Opinion (Joined by Justice Beatty)

Chief Justice Toal's opinion finds that there need not be a second copy in order for the e-mail storage to constitute "backup protection," but that the definition of "electronic storage" only includes temporary, intermediate copies. As a result, Justice Toal found that when "a recipient opens the e-mail" it is no longer in "electronic storage" and thus no longer protected from unauthorized access.

Justice Pleicones' Opinion

Justice Pliecones wrote a separate opinion concurring with Chief Justice Toal's opinion, but specifying that the definition of "electronic storage" is disjunctive, rather than conjunctive, and includes either "(A) any temporary, intermediate storage of a wire or electronic communication incidental to the electronic transmission thereof," or "(B) any storage of such communication by an electronic communication service for the purposes of backup protection of such communication." 18 U.S.C. § 2510(17)(A). Justice Pleicones found that the e-mails at issue in this case were not in "electronic storage" because they were not copies made by the service provider for backup protection.

All three of the South Carolina Justices' opinions conflict with the Ninth Circuit's view in Theofel v. Farey-Jones, 359 F.3d 1066 (9th Cir. 2004), that e-mails received and read, and then left on the server instead of being deleted, could be characterized as stored "for the purposes of backup protection" and therefore kept in electronic storage under subsection (B) of 18 U.S.C. § 2510(17). Id. at 1075.

The definition of "electronic storage" is used throughout the Stored Communications Act ("SCA"), and defines the scope of important privacy rights for e-mail users. The SCA prohibits unauthorized access to e-mail and other communications in "electronic storage." See 18 U.S.C. § 2701. The SCA also regulates the voluntary disclosure by service providers of messages in "electronic storage." See 18 U.S.C. § 2702. And finally, the SCA specifies the legal process the government must use to compel disclosure of messages in "electronic storage." See 18 U.S.C. § 2703. The SCA specifies that government must obtain a warrant in order to access an e-mail that has been in "electronic storage" for 180 days or less. See id.

EPIC's Interest in Jennings v. Jennings

The primary form of electronic communication is e-mail. Unlike at the time the Electronic Communications Privacy Act was passed in 1986, the majority of e-mail is now stored and accessible remotely in cloud-based services. Yet protecting the privacy of e-mail messages, as EPIC has noted in the past, is still one of the core purposes of ECPA. In United States v. Councilman, a case involving a criminal prosecution under the wiretap act for interception of e-mail, EPIC joined leading civil liberties organizations in an amicus brief authored by Professor Orin Kerr. EPIC argued that an e-mail can be simultaneously in "electronic storage" and subject to interception under the Wiretap Act. Several EPIC advisory board members who are technical experts and leading authorities on Internet architecture, e-mail communications, and computer privacy also filed an amicus brief in Councilman, arguing that "ECPA was intended to deal precisely with the improper capture of information by one party that is intended solely for delivery to other(s) . . . ." Senator Patrick Leahy, one of the authors of ECPA, also filed an amicus brief in the case arguing that the definition of "electronic storage" was "designed to distinguish the SCA from ordinary computer crime statutes covering unauthorized system access unrelated to the communications process," and that the definition should not "cast doubt upon Title III's protection of electronic communications" during the transmission phase.

EPIC also filed an amicus brief in Bunnell v. MPAA, a civil wiretap act case involving a question substantially similar to that in Councilman. EPIC's brief argued that Congress added "electronic storage" to the definition of wire communications to expand protections for voicemail, not to lessen protections for stored e-mail.